LocalCertificateSelectionCallback fails to get local certificates

Question

I'm trying to get all client certificates programmatically when accessing a secure server which requires a client certificate.

There are some client certificates in my store, and I can see them in the IE certificate selection dialog if I use IE to open a secure web service site which requires a client certificate. Now I'm trying to get all valid local client certificates programmatically, like IE does, for a Windows Forms application with the code below.

void Test()
{
    // serverName is the web service site computer name
    TcpClient client = new TcpClient(serverName, 443);
    Console.WriteLine("Client connected.");
    SslStream sslStream = new SslStream(
        client.GetStream(),
        false,
        new RemoteCertificateValidationCallback(ValidateServerCertificate),
        new LocalCertificateSelectionCallback(SelectLocalCertificate) // select local certificate delegate
        );

    try
    {
        // The server name is the same as the TcpClient server name
        sslStream.AuthenticateAsClient(serverName);
    }
    catch (AuthenticationException e)
    {
        // Handshake failed: report it and drop the connection
        Console.WriteLine("Authentication failed: {0}", e.Message);
        client.Close();
    }
}

The problem is that SelectLocalCertificate will be executed twice. First, acceptableIssuers is null; second, it's all my local acceptable issuers. But localCertificates is always empty. How could I get the local certificates? Is there anything that I'm missing? Are there any other ways to get local client certificates like IE's certificate selection dialog?

All replies

Finally, I found that I should use another AuthenticateAsClient method, like "sslStream.AuthenticateAsClient(serverName, certificatesCollection, SslProtocols.Default, false);", that passes a local certificates collection myself, and LocalCertificateSelectionCallback will return it during the handshake. Then I could compare the acceptableIssuers with the passed localCertificates collection, like IE does with its certificate selection dialog.
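
One way to put the reply's approach together, as an added example that is not code from the original posts: it loads candidate client certificates from the CurrentUser\My store, passes them to AuthenticateAsClient, and matches them against acceptableIssuers in the callback. It uses SslProtocols.None (operating system default versions) and revocation checking in place of the reply's SslProtocols.Default and false, because Default is obsolete and permits only SSL 3.0 and TLS 1.0. Assumptions: .NET Framework 4.7 or later, the server host name given as the first argument, and the hypothetical names ClientCertDemo, LoadCandidates and AllowsClientAuth.

```csharp
using System;
using System.Linq;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertDemo // hypothetical name, added example
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth
    // Candidates: time-valid certificates in CurrentUser\My with a private key and a usable EKU.
    static X509CertificateCollection LoadCandidates()
    {
        var result = new X509CertificateCollection();
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            foreach (X509Certificate2 c in store.Certificates.Find(X509FindType.FindByTimeValid, DateTime.Now, false))
                if (c.HasPrivateKey && AllowsClientAuth(c)) result.Add(c);
        }
        return result;
    }
    // A certificate without an EKU extension is not restricted to particular usages.
    static bool AllowsClientAuth(X509Certificate2 c)
    {
        var eku = c.Extensions.OfType<X509EnhancedKeyUsageExtension>().FirstOrDefault();
        return eku == null || eku.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == ClientAuthOid);
    }
    // localCertificates is the collection handed to AuthenticateAsClient below.
    static X509Certificate SelectLocalCertificate(object sender, string targetHost,
        X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers)
    {
        if (localCertificates == null || localCertificates.Count == 0) return null;
        // No issuer list (the first call described in the question): offer the first candidate.
        if (acceptableIssuers == null || acceptableIssuers.Length == 0) return localCertificates[0];
        foreach (X509Certificate c in localCertificates) // exact match on the direct issuer DN only
            if (Array.IndexOf(acceptableIssuers, c.Issuer) != -1) return c;
        return null; // nothing issued by a CA the server named, so send no certificate
    }
    static void Main(string[] args)
    {
        using (var client = new TcpClient(args[0], 443))
        using (var ssl = new SslStream(client.GetStream(), false, null, SelectLocalCertificate))
        {   // null validation callback: the default server certificate validation applies
            ssl.AuthenticateAsClient(args[0], LoadCandidates(), SslProtocols.None, true);
            Console.WriteLine("Sent: " + (ssl.LocalCertificate != null ? ssl.LocalCertificate.Subject : "(none)"));
        }
    }
}
```

The issuer check compares only each certificate's direct issuer string, so a certificate issued by an intermediate CA is skipped when the server lists only the root.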